Kerio unstealthed ports

Discussion in 'other firewalls' started by eboula, Mar 16, 2007.

Thread Status:
Not open for further replies.
  1. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    On the latest version of Sunbelt Kerio Personal Firewall I ran the GRC Shields Up test and found that ports 1025 and 1044 were closed but not stealthed and ports 1029 and 1041 were open. Can somebody tell me how to change this so that all ports are stealthed? Thanks for any help you may be able to give.
     
  2. Zom17

    Zom17 Registered Member

    Joined:
    May 15, 2006
    Posts:
    68
    Strange because I have the latest Kerio and I ran the Shields Up! tests and in all tests run I received a Pass.

    When is the last time you ran an anti-virus scan? What other things are you doing for security, i.e., router, etc.?
     
  3. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    In your app list have you got "any other application" set to block internet inbound?
     
  4. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    "any other application" is set to ask.

    I ran an antivirus test 2 days ago using avast free edition. This was also about the time I noticed that the ports were open so I haven't gotten a virus since then that's causing it.

    I do not have a router. My security comes from Kerio Firewall, Windows Defender with realtime protection enabled, Avast free edition antivirus with on-access enabled, Ccleaner for secure erasing, Ad-aware SE, Spybot, and Spywareblaster with all protection enabled. I'm on dialup if anyone cares. Thanks for the help.
     
  5. Zom17

    Zom17 Registered Member

    Joined:
    May 15, 2006
    Posts:
    68
    GET A ROUTER! Seriously, it is incredibly important for your security. It is the first line of defense.
     
  6. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    All stealthed here too
     
  7. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    Since he's using a modem (he's a dialup user), where do you propose that he install the router?

    Phil
     
  8. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Using the latest version of Sunbelt Kerio. All stealth.
     
  9. Zom17

    Zom17 Registered Member

    Joined:
    May 15, 2006
    Posts:
    68
    My bad.
     
  10. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    Ok now that we've established I'm the only Kerio user in the world who isn't stealthed, can somebody help me become stealthed?
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Does the modem have FW? Did you change the predefined rules?
    Do you have rules allowing which incoming traffic? (screenshots if you can, or describe the rules)
    I don't know that much myself, but knowing what rules you have helps.
    If you have those ports open, you could have some rule for that. Your computer is replying. Info
     
  12. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, eboula

    You could always try: Windows Worms Doors Cleaner

    Take Care,
    TheQuest :cool:
     
  13. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Change it to block in the internet inbound column.
     
  14. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    Do you have any chat (instant messaging) or file sharing software installed?

    Phil
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello eboula,
    For open/closed ports to be shown, you must have "allow inbound" rules in place. In (Sunbelt) Kerio, this will be in the application lists as "allow inbound from the internet". The ports you mention are typical of svchost/dcom, so I would suggest first checking on the rules in place for svchost.
     
  16. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    Thanks for your help. 1044 is now stealthed thanks to Stem. The others remain unchanged. The modem does not have any firewall. The only firewall I have at all is Kerio. I have Trillian and Gaim. I used Trillian up until a couple of days ago, when it started giving me an error message saying the necessary components couldn't be found, then started using Gaim instead. I have no file sharing programs.

    Here's a screenshot of my applications tab under network security.

    http://img183.imageshack.us/img183/9733/keriosz1.th.jpg
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello eboula,
    kpf4gui.exe should certainly not need inbound from the internet, so you should change to either ask or block then perform an online scan again.
     
  18. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    That didn't change anything. Thanks for trying. Any other help?
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    What he said is valid in general: look for rules with inbound allowed. Network Security - packet filter; and the predefined rules.
     
  20. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    I don't have any rules set under packet filter. The only rules I set are in the screenshot.
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello eboula,

    I find this strange. I have installed Kerio (many versions) without this issue. The ports still showing (as open/closed) are these 1025/1026?

    I will of course install the same version as you (which version?) to try and reproduce this. Any other info, such as other security applications installed, would help in trying to trace this.

    Stem
     
  22. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    I just ran the test again getting ready to reply to this and it now says all ports are stealthed even though I haven't done anything since my last post... And I know I haven't because I haven't even been on my computer since my last post... Odd... Well I guess that solves it for now... I'll post again if I have any more problem... Thanks for the help.
     
  23. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I sometimes wonder about the Shields Up test. I have had the same thing happen, where at one visit it showed a port or two being closed rather than stealth, then I revisited some 15 minutes later without changing a thing and it showed all stealthed. I would suggest creating a packet filter logging all activity to and from the ports in question and see what it shows. Also, there are a couple of other testing sites available, so I would go to them also and see if you receive the same results as with Shields Up.
     
  24. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Comodo puts itself to blocking Shields Up!, I think, when you scan all the service ports, so the results are not really reliable when there are too many port scans. Not sure about Kerio 4.
    Kerio 2 does not do that kind of fake attack blocking.

    Anyway, it should not be a problem to make Sunbelt Kerio stealthed; it is all in the rules.

    Comodo doing that it is not anything bad, only to let you fellow members know that what you read after some tests are not maybe what you expected to be testing.
     

    Last edited: Mar 23, 2007
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Just a note:

    Some scans, depending on the port range, may be scanning/showing the ports being used by the browser. How the firewall handles unsolicited or "not-allowed" packets to these used ports does depend on the firewall, and the setting you have (in the firewall) for the browser.

    As a simple example, if you are using IE, this does like to use the lower ports >1024, and scans made on, say, 1024-1200 while using IE can give results of closed ports. The ports used by the browser do change and are random, so sometimes you could see a closed port at 1100, then scan again 5 minutes later and that port could then be stealthed but port 1150 shows as closed.

    The main concern is if the ports are showing as open.
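
An added example, not part of the thread: Stem's posts separate ports held by a listening service (the svchost case) from ports a browser is using for its own connections. The script below parses Windows `netstat -ano` output and labels each port a scan flagged accordingly; the sample output is constructed (documentation addresses, made-up PIDs), and the function name and category labels are this example's own.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:1041         0.0.0.0:0              LISTENING       1712
  TCP    192.0.2.25:1044        203.0.113.10:80        ESTABLISHED     2316
  TCP    192.0.2.25:1025        203.0.113.10:80        TIME_WAIT       0
  UDP    0.0.0.0:1026           *:*                                    1100
"""

# Captures: local address, local port, state, owning PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+([A-Z_0-9]+)\s+(\d+)\s*$")

# Higher rank wins when one port appears on several rows.
RANK = {"not-bound": 0, "client-connection": 1, "loopback-listener": 2, "listener": 3}


def explain_ports(netstat_text, reported_ports):
    """Return {port: (kind, pid)} for the ports an online scan flagged."""
    result = {port: ("not-bound", None) for port in reported_ports}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        addr, port, state, pid = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if port not in result:
            continue
        if state == "LISTENING":
            # A service accepts connections here; check its inbound rule.
            local_only = addr.startswith("127.") or addr == "[::1]"
            kind = "loopback-listener" if local_only else "listener"
        else:
            # Not a listener: the local end of an existing connection.
            kind = "client-connection"
        if RANK[kind] > RANK[result[port][0]]:
            result[port] = (kind, pid)
    return result


if __name__ == "__main__":
    flagged = [1025, 1029, 1041, 1044]
    for port, (kind, pid) in sorted(explain_ports(SAMPLE, flagged).items()):
        print(f"{port}: {kind} (PID {pid})")
```

A `listener` row gives the PID whose application entry needs its inbound-from-internet rule checked; a `client-connection` row matches the changing browser ports described in the last post.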
     